Information processing system, information processing apparatus, and information processing method

ABSTRACT

An information processing system includes: an authenticator that authenticates one or more image processing apparatuses using authentication information of a user in response to receipt of the authentication information; and a server including a processor configured to permit the user to use an image processing apparatus that has location information related to the authentication information of the user among the authenticated one or more image processing apparatuses.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is based on and claims priority under 35 USC 119 fromJapanese Patent Application No. 2021-120980 filed Jul. 21, 2021.

BACKGROUND (i) Technical Field

The present disclosure relates to an information processing system, aninformation processing apparatus, and an information processing method.

(ii) Related Art

Japanese Unexamined Patent Application Publication No. 2018-205906describes an image processing apparatus capable of communicating with auser's mobile terminal including an authentication module for biometricauthentication. In response to receipt of verification data issued by aservice providing system, the authentication module of the mobileterminal is used for biometric authentication, and the image processingapparatus requests a device authentication system cooperating with theservice providing system to issue an authentication token.

SUMMARY

In some cases, a user who has been authenticated as a user registered inadvance is authorized to use image processing apparatuses uniformly. Theauthenticated user is authorized to use all the image processingapparatuses or use all the functions of each image processing apparatus.However, it may be undesirable that a user who has been authenticated beauthorized to uniformly use all image processing apparatuses and use allthe functions of each image processing apparatus for security reasons,for example.

Aspects of non-limiting embodiments of the present disclosure relate torestriction of an authenticated user to use an image processingapparatus on a location-by-location basis, where each location isprovided with an image forming apparatus.

Aspects of certain non-limiting embodiments of the present disclosureaddress the features discussed above and/or other features not describedabove. However, aspects of the non-limiting embodiments are not requiredto address the above features, and aspects of the non-limitingembodiments of the present disclosure may not address features describedabove.

According to an aspect of the present disclosure, there is provided aninformation processing system including: an authenticator thatauthenticates one or more image processing apparatuses usingauthentication information of a user in response to receipt of theauthentication information; and a server including a processorconfigured to permit the user to use an image processing apparatus thathas location information related to the authentication information ofthe user among the authenticated one or more image processingapparatuses.

BRIEF DESCRIPTION OF THE DRAWINGS

An exemplary embodiment of the present disclosure will be described indetail based on the following figures, wherein:

FIG. 1 illustrates an example overall configuration of an informationprocessing system according to the exemplary embodiment;

FIG. 2 is a block diagram illustrating an example hardware configurationof a server apparatus according to the exemplary embodiment;

FIG. 3 is a block diagram illustrating an example hardware configurationof an image processing apparatus according to the exemplary embodiment;

FIG. 4 is a block diagram illustrating an example functionalconfiguration of the server apparatus according to the exemplaryembodiment;

FIG. 5 is a block diagram illustrating an example functionalconfiguration of the image processing apparatus according to theexemplary embodiment;

FIG. 6 is a flowchart illustrating a process for the server apparatusaccording to the exemplary embodiment to manage authorizationinformation of a user;

FIG. 7 is a flowchart illustrating a process for the image processingapparatus according to the exemplary embodiment to limit an imageforming function; and

FIG. 8 is a diagram illustrating an example relationship among aplurality of image processing apparatuses according to this exemplaryembodiment.

DETAILED DESCRIPTION

An exemplary embodiment of the present disclosure will be described indetail with reference to the accompanying drawings.

Overall Configuration of Information Processing System 1

FIG. 1 illustrates an example overall configuration of an informationprocessing system 1 according to the exemplary embodiment.

As illustrated in FIG. 1 , the information processing system 1 includesa server apparatus 10 and a plurality of image processing apparatuses 20(such as image processing apparatuses 20 a and 20 b). The serverapparatus 10 manages information for authorizing authenticated users touse the image processing apparatuses 20. Each of the image processingapparatuses 20 is an image processing apparatus that an authenticateduser is restricted to use. The server apparatus 10 and the imageprocessing apparatuses 20 are connected to each other via acommunication line 80. The information processing system 1 may furtherinclude an authenticator 30 for authenticating a user who is to use theimage processing apparatuses 20. The communication line 80 is, forexample, a network such as the Internet and is used for informationcommunication between the server apparatus 10 and the image processingapparatuses 20.

In this exemplary embodiment, the term “authorization” refers to theprocess of permitting a user to use a specific image processingapparatus 20. In this exemplary embodiment, the term “authentication”refers to the process of verifying the identity or authenticity of aperson or an object by using any means. Authentication verifies theidentity of a user who is to use an image processing apparatus 20, theauthenticity of the image processing apparatus 20 that the user isauthorized to use, and the like.

The server apparatus 10 is an information processing apparatus forproviding, in response to a request sent from an image processingapparatus 20 through a user's operation, services to the user throughthe image processing apparatus 20. The services include management ofdocument data, authorization information, authentication information,and the like by the server apparatus 10 according to this exemplaryembodiment.

The document data is an uploaded electronic document. The document mayinclude an image and text, or may include an image without text.

The authorization information is information registered in the serverapparatus 10 in advance and is information indicating approval of theuse of an image processing apparatus 20 and indicating a person who ispermitted to use the image processing apparatus 20.

The authentication information is information identifying a user. Theauthentication information is used to authenticate one or more imageprocessing apparatuses that the identified user is to use.

Each of the image processing apparatuses 20 is an apparatus foruploading or printing document data in response to an operation of auser who is to use the information processing system 1. In thisexemplary embodiment, the image processing apparatuses 20 are each amulti-function peripheral for providing various image processingfunctions, such as an image reading function (scanning function), aprinting function, a copying function, and a facsimile function, inresponse to an instruction given by an authenticated user.Authentication of a user is performed in response to an input of a userID, a password, biometric information, or the like to the imageprocessing apparatus 20 or the authenticator 30.

The authenticator 30 is an apparatus for receiving, when a user is touse an image processing apparatus 20, the user's authenticationinformation requested by the image processing apparatus 20. Morespecifically, in response to a request from a user who is to use theinformation processing system 1 to log in to an image processingapparatus 20, the authenticator 30 authenticates the user based on thebiometric information or the like and transmits obtained authenticationinformation of the user to the image processing apparatus 20. Examplesof the authenticator 30 include a tablet terminal, a smartphone, and apersonal computer.

Hardware Configuration of Server Apparatus 10

FIG. 2 illustrates an example hardware configuration of the serverapparatus 10 according to this exemplary embodiment.

The server apparatus 10 according to this exemplary embodiment includesan arithmetic processing unit 11 that executes digital arithmeticprocessing in accordance with a management program determined in advancefor management of authorization information, a secondary storage unit12, which is implemented by, for example, a hard disk drive (HDD) havingrecorded therein authorization information, authentication information,document data, and the like, and a communication unit 13 that transmitsand receives information via the communication line 80 (see FIG. 1 ).

The arithmetic processing unit 11 includes a central processing unit(CPU) 11 a serving as an example of a processor configured to controlthe overall operation of the server apparatus 10, a random access memory(RAM) lib used as a work memory or the like for the CPU 11 a, and aread-only memory (ROM) 11 c storing a management program or the like tobe executed by the CPU 11 a. The arithmetic processing unit 11 furtherincludes a non-volatile memory 11 d that is rewritable and capable ofholding data even when power is shut off, and an interface unit 11 ethat controls the communication unit 13 and other components connectedto the arithmetic processing unit 11. The non-volatile memory 11 d isconstituted by, for example, a memory backed up by a battery, such as astatic random access memory (SRAM) or a flash memory, and storesdocument data or the like to be printed by the image processingapparatuses 20. The secondary storage unit 12 also stores, as well asthe document data and the like, a management program to be executed bythe arithmetic processing unit 11. The arithmetic processing unit 11reads the management program stored in the secondary storage unit 12 toexecute various types of processes of the server apparatus 10 accordingto this exemplary embodiment.

Hardware Configuration of Image Processing Apparatus 20

FIG. 3 is a block diagram illustrating an example hardware configurationof each of the image processing apparatuses 20 according to thisexemplary embodiment. Each of the image processing apparatuses 20according to this exemplary embodiment includes an arithmetic processingunit 21 that executes digital arithmetic processing in accordance with aprocessing program determined in advance for restricting anauthenticated user to use the image processing apparatus 20, a secondarystorage unit 22, which is implemented by, for example, an HDD havingrecorded therein authorization information and the like, and acommunication unit 23 that transmits and receives information via thecommunication line 80 (see FIG. 1 ). The image processing apparatus 20further includes an input unit 24 that accepts an input operation from auser, such as keys or a touch panel, a display unit 25 that displays animage, text information, and the like to a user, such as a liquidcrystal display panel or an organic electroluminescent (EL) displaypanel, and an image processing unit 26 that implements various imageprocessing functions such as the scanning function, the printingfunction, the copying function, and the facsimile function.

The arithmetic processing unit 21 includes a CPU 21 a serving as anexample of a processor configured to control the overall operation ofthe image processing apparatus 20, a RAM 21 b used as a work memory orthe like for the CPU 21 a, and a ROM 21 c storing a processing programor the like to be executed by the CPU 21 a. The arithmetic processingunit 21 further includes a non-volatile memory 21 d that is rewritableand capable of holding data even when power is shut off, and aninterface unit 21 e that controls the input unit 24 and other componentsconnected to the arithmetic processing unit 21. The non-volatile memory21 d is constituted by, for example, a memory backed up by a battery,such as an SRAM or a flash memory, and stores document data to beprocessed by the image processing unit 26. The secondary storage unit 22also stores, as well as the authorization information and the like, animage processing program to be executed by the arithmetic processingunit 21. The arithmetic processing unit 21 reads the processing programstored in the secondary storage unit 22 to execute various types ofprocesses of the image processing apparatus 20 according to thisexemplary embodiment.

The programs to be executed by the CPUs 11 a and 21 a serving as anexample of a processor are provided to the arithmetic processing units11 and 21, respectively, such that the programs are stored incomputer-readable recording media such as magnetic recording media(magnetic tapes, magnetic disks, etc.), optical recording media (opticaldisks, etc.), magneto-optical recording media, or semiconductormemories. The programs to be executed by the CPUs 11 a and 21 a may bedownloaded to the server apparatus 10 and the image processing apparatus20 via a communication means such as the Internet.

In this exemplary embodiment, the term “processor” refers to hardware ina broad sense. Examples of the processor include general processors(e.g., CPU: Central Processing Unit) and dedicated processors (e.g.,GPU: Graphics Processing Unit, ASIC: Application Specific IntegratedCircuit, FPGA: Field Programmable Gate Array, and programmable logicdevice).

In this exemplary embodiment, the term “processor” is broad enough toencompass one processor or plural processors in collaboration which arelocated physically apart from each other but may work cooperatively. Theorder of operations of the processor is not limited to one described inthis exemplary embodiment, and may be changed.

Functional Configuration of Server Apparatus 10

Next, the functional configuration of the server apparatus 10 will bedescribed.

FIG. 4 is a block diagram illustrating an example functionalconfiguration of the server apparatus 10 according to this exemplaryembodiment. The server apparatus 10 includes a request acceptance unit111, an authorization information management unit 112, a document datamanagement unit 113, a tenant information storage unit 114, a locationinformation storage unit 115, a position information storage unit 116,and a document data storage unit 117, and these components areimplemented by the arithmetic processing unit 11 illustrated in FIG. 2 .In FIG. 4 , the communication unit 13 illustrated in FIG. 2 is dividedinto a receiving unit 13 a and a transmitting unit 13 b in accordancewith the functions. The receiving unit 13 a receives requests from theimage processing apparatuses 20, authentication information, and thelike. The transmitting unit 13 b transmits authorization information andthe like to the image processing apparatuses 20.

The request acceptance unit 111 acquires authentication information ofan authenticated user and accepts a request from information transmittedfrom an image processing apparatus 20 or the like in response to aninstruction from the user and received by the receiving unit 13 a. Morespecifically, the request acceptance unit 111 accepts a request for, forexample, providing or storing authorization information related to theimage processing apparatus 20 and document data.

In accordance with the request accepted by the request acceptance unit111, the authorization information management unit 112 searches thetenant information storage unit 114, the location information storageunit 115, and the position information storage unit 116 for therequested authorization information to determine whether the requestedauthorization information is stored in the tenant information storageunit 114, the location information storage unit 115, and the positioninformation storage unit 116. If the requested authorization informationis stored, the authorization information management unit 112 retrievesthe requested authorization information and transmits the authorizationinformation to the requesting image processing apparatus 20 through thetransmitting unit 13 b. The authorization information management unit112 further acquires information related to the authenticator 30 or theimage processing apparatus 20 that has requested the authorizationinformation. Further, the authorization information management unit 112updates the authorization information stored in the tenant informationstorage unit 114, the location information storage unit 115, and theposition information storage unit 116 in accordance with the requestaccepted by the request acceptance unit 111.

In accordance with the request accepted by the request acceptance unit111, the document data management unit 113 extracts the requesteddocument data from the document data stored in the document data storageunit 117. More specifically, the document data management unit 113retrieves the requested document data from the document data storageunit 117 and transmits the document data to the requesting imageprocessing apparatus 20 through the transmitting unit 13 b. Inaccordance with the request accepted by the request acceptance unit 111,further, the document data management unit 113 performs a process forstoring document data acquired from the image processing apparatus 20 orthe like in the document data storage unit 117. More specifically, thedocument data management unit 113 performs a process for extractingdocument data in accordance with a request from a user or an imageprocessing apparatus 20 different from the user or the image processingapparatus 20 that has provided the document data.

The tenant information storage unit 114 stores tenant information. Thetenant information is authorization information indicating a group ofusers to which the same authentication result is to be provided. Morespecifically, the tenant information storage unit 114 stores tenantinformation indicating a company, a department, a job title, or the liketo which the users belong. The tenant information storage unit 114 isimplemented by the non-volatile memory 11 d.

The location information storage unit 115 stores location information.The location information is authorization information classifying theimage processing apparatuses 20. More specifically, the locationinformation storage unit 115 stores a location in which the imageprocessing apparatuses 20 are installed. The location is a region oraddress of a building in which the image processing apparatuses 20 areinstalled. The location may be at least one of a floor or a room wherethe image processing apparatuses 20 are installed in the building. Thelocation information storage unit 115 is implemented by the non-volatilememory 11 d.

The position information storage unit 116 stores position information.The position information is authorization information indicating animage processing apparatus 20 used by a user. The position informationmay be information indicating a position relationship between the imageprocessing apparatus 20 and the authenticator 30. The positioninformation storage unit 116 stores the position information, forexample, a relationship between the location information of the imageprocessing apparatus 20 and a measurement result indicating a positionmeasured by radio waves received at the authenticator 30 from a GlobalPositioning System (GPS) satellite, and the state of connection betweenthe image processing apparatus 20 and the authenticator 30 via Bluetooth(registered trademark). The position information storage unit 116 isimplemented by the non-volatile memory 11 d.

The document data storage unit 117 stores the document data acquired bythe document data management unit 113. The document data storage unit117 is implemented by the non-volatile memory 11 d.

Functional Configuration of Image Processing Apparatus 20

Next, the functional configuration of each of the image processingapparatuses 20 will be described.

FIG. 5 is a block diagram illustrating an example functionalconfiguration of each of the image processing apparatuses 20 accordingto this exemplary embodiment. As illustrated in FIG. 5 , each of theimage processing apparatuses 20 includes an operation determination unit211, a user authentication unit 212, an authorization determination unit213, a display control unit 214, an image processing control unit 215, auser authentication information storage unit 216, a location informationstorage unit 217, an authorization information storage unit 218, and acommunication processing unit 219, and these components are implementedby the arithmetic processing unit 21 (see FIG. 3 ).

The operation determination unit 211 determines whether a user operationhas been performed on the image processing apparatus 20 through theinput unit 24 or the like. Examples of the user operation include anoperation of logging in to the image processing apparatus 20, and anoperation of instructing the image processing unit 26 to performprocessing.

The user authentication unit 212 determines, based on the determinationmade by the operation determination unit 211, whether to authenticatethe login of the user. More specifically, the user authentication unit212 determines whether to authenticate the identity of the user who isto use the image processing apparatus 20. Examples of the condition forthe authentication include matching the user ID, the password, thebiometric information, or the like of the user with informationregistered in advance. In response to a request for a login from theuser, the user authentication unit 212 may determine that the login ofthe user is authenticated when a request for Fast ID Online (FIDO)authentication of the user whose user ID, biometric information, or thelike has been acquired is accepted from the authenticator 30.

The authorization determination unit 213 determines, based on registeredauthorization information indicating a person who is to be permitted touse the image processing apparatus 20 and authorization information forpermitting a user authenticated by the user authentication unit 212 touse the image processing apparatus 20, whether to authorize theauthenticated user to use the image processing apparatus 20. Morespecifically, the authorization determination unit 213 determines, basedon the authorization information, an image processing function that theauthenticated user is authorized to use.

The display control unit 214 controls, based on the content acquiredfrom the operation determination unit 211, the user authentication unit212, and the authorization determination unit 213, how an instructionimage indicating an image processing function selected by the user isdisplayed, for example.

The image processing control unit 215 controls an image processingfunction to be used by the authenticated user, based on the contentacquired from the operation determination unit 211, the userauthentication unit 212, and the authorization determination unit 213.More specifically, the image processing control unit 215 stops all imageprocessing functions, enables some of a plurality of image processingfunctions, or limits a change in the settings of various imageprocessing functions or the like.

The user authentication information storage unit 216 acquiresauthentication information of the user from the user authentication unit212 or the communication processing unit 219 and stores theauthentication information.

The location information storage unit 217 acquires location informationof the image processing apparatus 20 from the secondary storage unit 22or the communication processing unit 219 and stores the locationinformation.

The authorization information storage unit 218 acquires authorizationinformation for permitting the use of the image processing apparatus 20from the secondary storage unit 22 or the communication processing unit219 and stores the authorization information.

The user authentication information storage unit 216, the locationinformation storage unit 217, and the authorization information storageunit 218 are implemented by the non-volatile memory 21 d.

The communication processing unit 219 processes information to betransmitted from the communication unit 23 or information received bythe communication unit 23. The communication processing unit 219acquires the content determined by the user authentication unit 212,extracts authentication information of a user who requests the use ofthe image processing apparatus 20, and sends a request for authorizationinformation associated with the extracted authentication information tothe server apparatus 10 via the communication unit 23. The communicationprocessing unit 219 may acquire the content determined by theauthorization determination unit 213 and, if the authenticated user isnot authorized to use the image processing apparatus 20, provide anotification to an administrator who manages the information processingsystem 1 or the authenticated user via the communication unit 23 or makea request for authentication of another user. Further, the communicationprocessing unit 219 acquires document data, authorization information,and the like from the server apparatus 10 or another image processingapparatus 20 via the communication unit 23, and provides informationrequired for the user authentication unit 212, the authorizationdetermination unit 213, the display control unit 214, the userauthentication information storage unit 216, the location informationstorage unit 217, the authorization information storage unit 218, andthe like. In other words, the communication processing unit 219processes the acquired information and performs determination.

Process for Managing Authorization Information by Server Apparatus 10

Next, management of authorization information by the server apparatus 10will be described with reference to FIGS. 4 and 6 . In one example, theserver apparatus 10 accepts a request for authorization informationrelated to an authenticated user from an image processing apparatus 20.

FIG. 6 is a flowchart illustrating a process for the server apparatus 10to manage authorization information.

In the flowchart illustrated in FIG. 6 , the request acceptance unit 111illustrated in FIG. 4 accepts a request for authorization informationrelated to an authenticated user from information transmitted from animage processing apparatus 20 and received by the receiving unit 13 a(step 501). The authorization information management unit 112 searchesthe tenant information storage unit 114 for tenant informationassociated with the authentication information of the user within therequested authorization information in accordance with the requestaccepted by the request acceptance unit 111 (step 502). The requestedauthorization information is, for example, tenant information forauthenticating and restricting the use of an image processing apparatus20 that a user whose identify has been authenticated is permitted touse, on a tenant-by-tenant basis, where each tenant is an entity towhich the user belongs.

Then, the authorization information management unit 112 searches thelocation information storage unit 115 for location informationassociated with the authentication information of the user within therequested authorization information in accordance with the requestaccepted by the request acceptance unit 111 (step 503). The requestedauthorization information is, for example, location information forrestricting the use of an image processing apparatus 20 that usershaving the same tenant information are permitted to use, in accordancewith the location where the image processing apparatus 20 is installed.

Then, the authorization information management unit 112 searches theposition information storage unit 116 for position informationassociated with the authentication information of the user within therequested authorization information in accordance with the requestaccepted by the request acceptance unit 111 (step 504). The requestedauthorization information is, for example, position information forrestricting the use of an image processing apparatus 20 that usershaving the same location information are permitted to use, in accordancewith the position of an image processing apparatus 20 that the usershave previously used and the position relationship between the imageprocessing apparatus 20 and the authenticator 30.

The authorization information management unit 112 retrieves therequested authorization information from the tenant information storageunit 114, the location information storage unit 115, and the positioninformation storage unit 116 and transmits the authorization informationto the requesting image processing apparatus 20 through the transmittingunit 13 b (step 505). The position information storage unit 116 storesposition information related to the image processing apparatus 20 towhich the authorization information is to be transmitted (step 506).Then, the process ends.

Through the process described above, the server apparatus 10 providesinformation for restricting an authenticated user to operate the imageprocessing apparatuses 20 on a location-by-location basis, where eachlocation is associated with one or more image forming apparatuses. Theserver apparatus 10 manages the authorization information to save thetime taken for the plurality of image processing apparatuses 20 toupdate the authorization information.

As described above, the server apparatus 10 is configured to provideauthorization information to the image processing apparatuses 20, by wayof example but not limitation. The server apparatus 10 receives locationinformation or position information of an image processing apparatus 20that has requested the authorization information together withauthentication information of the user. The server apparatus 10 maydetermine, based on the received location information or positioninformation of the image processing apparatus 20 and the search resultof the authorization information management unit 112, whether torestrict an authenticated user to operate the image processing apparatus20. This may reduce the amount of information to be transmitted to theimage processing apparatus 20 and reduce the load on the imageprocessing apparatus 20.

Process for Limiting Functions of Image Processing Apparatus 20

Next, a process for limiting functions of the image processing apparatus20 will be described with reference to FIGS. 5, 7, and 8 . In oneexample, authorization information related to an authenticated user isreceived in response to a request made to the server apparatus 10.

FIG. 7 is a flowchart illustrating a process for the image processingapparatus 20 according to this exemplary embodiment to limit an imageforming function.

FIG. 8 is a diagram illustrating an example relationship among aplurality of image processing apparatuses according to this exemplaryembodiment.

As illustrated in FIG. 8 , Company A owns an image processing apparatus20 a installed in the room for the human resources department in thehead office, an image processing apparatus 20 b installed in conferenceroom 1 in the head office, an image processing apparatus 20 c installedin conference room 2 on the same floor as that of the conference room 1,and an image processing apparatus 20 d installed in a business office ata different address from that of the head office. The authenticator 30is used to authenticate a user. The image processing apparatuses 20 a,20 b, and 20 c installed in the head office are classified by locationinformation different from that of the image processing apparatus 20 dinstalled in the business office.

In the flowchart illustrated in FIG. 7 , the operation determinationunit 211 determines that a request for the login of a user has beenaccepted (step 601). The user authentication unit 212 determines, basedon the content determined by the operation determination unit 211,whether to authenticate the user who requests the login (step 602). Forexample, if settings for authenticating a user who requests a login havenot been set in the image processing apparatus 20 b illustrated in FIG.8 , the user authentication unit 212 according to this exemplaryembodiment acquires the settings of the image processing apparatus 20 aor the image processing apparatus 20 c having the same locationinformation as that of the image processing apparatus 20 b and toperform authentication in a shared manner.

If the user who requests the login is not authenticated in step 602 (NOin step 602), the image processing control unit 215 restricts the userto use the image processing apparatus 20 (step 603). Then, the processends.

If the user who requests the login is authenticated in step 602 (YES instep 602), the communication processing unit 219 transmitsauthentication information of the user authenticated by the userauthentication unit 212 to the server apparatus 10 via the communicationunit 23 (step 604). The communication processing unit 219 acquiresauthorization information related to the user from the server apparatus10 via the communication unit 23 (step 605).

Then, the authorization determination unit 213 determines whether theauthorization information has been registered in the image processingapparatus 20 (step 606). If the authorization information has not beenregistered in the image processing apparatus 20 (NO in step 606), thecommunication processing unit 219 acquires the authorization informationand the like from another image processing apparatus 20 via thecommunication unit 23 and registers the authorization informationregistered in the other image processing apparatus 20 (step 607). Then,the process proceeds to step 608. For example, the communicationprocessing unit 219 according to this exemplary embodiment shares thetenant information registered in the image processing apparatus 20 chaving position information close to that of the image processingapparatus 20 b illustrated in FIG. 8 based on the location information.

If it is determined in step 606 that the authorization information hasbeen registered in the image processing apparatus 20 (YES in step 606),the authorization determination unit 213 determines whether theregistered authorization information includes the tenant informationreceived from the server apparatus 10 (step 608). If the tenantinformation received from the server apparatus 10 is not included (NO instep 608), the image processing control unit 215 restricts the user touse the image processing apparatus 20 (step 603). Then, the processends. The restriction of the use of the image processing apparatus 20 isnot limited to the prohibition of the use of all of the functions of theimage processing unit 26. For example, the use of the copying functionmay be permitted.

If the tenant information received from the server apparatus 10 isincluded in step 608 (YES in step 608), the authorization determinationunit 213 determines whether the location information received from theserver apparatus 10 has been registered (step 609). For example, theauthorization determination unit 213 according to this exemplaryembodiment determines whether location information related to a user whooperates the image processing apparatus 20 a illustrated in FIG. 8includes information indicating the head office of Company A.Alternatively, the authorization determination unit 213 may determinewhether information indicating the second floor of the head office ofCompany A, the room for the human resources department, or the like isincluded as the location information.

If the location information received from the server apparatus 10 hasnot been registered in step 609 (NO in step 609), the image processingcontrol unit 215 restricts the user to use the image processingapparatus 20 (step 603). Then, the process ends. The restriction of theuse of the image processing apparatus 20 is not limited to whether theimage processing unit 26 prohibits various image processing functions.For example, a detailed setting of “monochrome or color copying” may berestricted in the copying function. For example, the image processingcontrol unit 215 according to this exemplary embodiment may performcontrol to set “monochrome copying” when location information related toa user who uses the copying function of the image processing apparatus20 b illustrated in FIG. 8 includes information indicating the headoffice of Company A, and to set “color copying” when the informationindicating the head office of Company A is not included to address arequest for color copying made by the user who may be a visitor.

If the location information received from the server apparatus 10 hasbeen registered in step 609 (YES in step 609), the authorizationdetermination unit 213 determines, based on the position informationreceived from the server apparatus 10, whether position informationrelated to the image processing apparatus 20 satisfies a predeterminedcondition (step 610). Examples of the predetermined condition includewhether the image processing apparatus 20 is recorded in the history ofone or more image processing apparatuses 20 that have previously beenused by the authenticated user, and whether a position relationshipbetween the authenticator 30 used for user authentication and the imageprocessing apparatus 20 b is the same as or similar to the previousposition relationship of the authenticated user. For example, if a userwho operates the image processing apparatus 20 b illustrated in FIG. 8has previously used the image processing apparatus 20 b, theauthorization determination unit 213 according to this exemplaryembodiment determines that the position information related to the imageprocessing apparatus 20 satisfies the predetermined condition.

If the position information related to the image processing apparatus 20satisfies the predetermined condition in step 610 (YES in step 610), theimage processing control unit 215 permits the user to use the imageprocessing apparatus 20 (step 611). Then, the process ends.

If the position information related to the image processing apparatus 20does not satisfy the predetermined condition in step 610 (NO in step610), the communication processing unit 219 provides a warning via thecommunication unit 23 (step 612). Then, the process ends. For example,if the user who operates the image processing apparatus 20 b illustratedin FIG. 8 has not previously used the image processing apparatus 20 b,if the authenticator 30 used for user authentication is detected at aposition different from that of the image processing apparatus 20 b interms of room or floor, or if the connection with the image processingapparatus 20 b is disconnected, the communication processing unit 219according to this exemplary embodiment provides a warning. The warningis a notification that the image processing apparatus 20 to be used bythe user has not been previously used or is suspected to be used by anauthenticated user, and is provided to the administrator who manages theinformation processing system 1 or the user.

Through the process described above, the image processing apparatus 20restricts an authenticated user to use the image processing apparatus20. Further, the image processing apparatus 20 does not uniformlyauthorize authenticated users to use the image processing apparatus 20.

As described above, each of the image processing apparatuses 20 isconfigured to receive authorization information from the serverapparatus 10, by way of example but not limitation. Each of the imageprocessing apparatuses 20 may receive from the server apparatus 10information indicating the restriction of an authenticated user to usethe image processing apparatus 20. This may save the operation ofregistering authorization information in the image processing apparatus20.

As described above, furthermore, if position information related to theimage processing apparatus 20 does not satisfy a predeterminedcondition, a warning is provided and then the process ends, by way ofexample but not limitation. If position information related to the imageprocessing apparatus 20 does not satisfy the predetermined condition,the image processing apparatus 20 may further send an authenticated usera request for authentication information of the user. This does notprevent a user from using the image processing apparatus 20 if the useof the image processing apparatus 20 is not unauthorized, for example.

As described above, furthermore, a setting of an image processingfunction of the image processing apparatus 20 is restricted for eachauthenticated user, by way of example but not limitation. Authenticatedusers who are permitted to use the image processing apparatus 20 may beuniformly restricted to set an image processing function in accordancewith location information of the image processing apparatus 20. Forexample, the copying function or the printing function may automaticallybe set to monochrome printing for an image processing apparatus 20 in aroom for a department dedicated to creation of materials for internalemployees, and may be permitted to be set to color printing for an imageprocessing apparatus 20 in a room for a department dedicated to creationof materials for external use. This may save cost involved in using theimage processing apparatuses 20.

Processes performed by the server apparatus 10 and the image processingapparatuses 20 in the information processing system 1 according to thisexemplary embodiment are prepared as, for example, programs such asapplication software. The programs may be provided via a communicationmeans or stored in recording media such as a compact disc read-onlymemory (CD-ROM).

The foregoing description of the exemplary embodiments of the presentdisclosure has been provided for the purposes of illustration anddescription. It is not intended to be exhaustive or to limit thedisclosure to the precise forms disclosed. Obviously, many modificationsand variations will be apparent to practitioners skilled in the art. Theembodiments were chosen and described in order to best explain theprinciples of the disclosure and its practical applications, therebyenabling others skilled in the art to understand the disclosure forvarious embodiments and with the various modifications as are suited tothe particular use contemplated. It is intended that the scope of thedisclosure be defined by the following claims and their equivalents.

What is claimed is:
 1. An information processing system comprising: anauthenticator that authenticates one or more image processingapparatuses using authentication information of a user in response toreceipt of the authentication information; and a server including aprocessor configured to permit the user to use an image processingapparatus that has location information related to the authenticationinformation of the user among the authenticated one or more imageprocessing apparatuses.
 2. The information processing system accordingto claim 1, wherein the location information indicates an address of abuilding in which the image processing apparatus is installed.
 3. Theinformation processing system according to claim 2, wherein the locationinformation indicates at least one of a floor or a room in which theimage processing apparatus is installed in the building.
 4. Theinformation processing system according to claim 1, wherein theauthentication using the authentication information is performed on atenant-by-tenant basis, where each tenant is an entity, and wherein animage forming function of an image processing apparatus among the one ormore image processing apparatuses is restricted depending on adifference in the location information when the one or more imageprocessing apparatuses are in the same tenant.
 5. The informationprocessing system according to claim 4, wherein when the one or moreimage processing apparatuses authenticated using the authenticationinformation and an unauthenticated image processing apparatus other thanthe one or more image processing apparatuses have the same locationinformation, authentication is performed in a shared manner.
 6. Theinformation processing system according to claim 4, wherein informationon the tenant is shared across image processing apparatuses havingsimilar position information based on the location information among theone or more image processing apparatuses to allow one of the imageprocessing apparatuses to use the information on the tenant in anotherone of the image processing apparatuses.
 7. The information processingsystem according to claim 1, wherein the user is restricted to use theimage processing apparatus classified by the location information, basedon position information indicating a position relationship between theimage processing apparatus and the authenticator.
 8. The informationprocessing system according to claim 7, wherein it is determined whetherthe position information satisfies a predetermined condition, based on ahistory of use of the one or more image processing apparatuses by theuser authenticated using the authentication information.
 9. Theinformation processing system according to claim 8, wherein in responseto the position information not satisfying the predetermined condition,a notification is provided that the image processing apparatus to beused by the user has not been previously used.
 10. The informationprocessing system according to claim 8, wherein in response to theposition information not satisfying the predetermined condition, arequest for further authentication information is made to the user. 11.An information processing apparatus comprising: a processor configuredto: authenticate one or more image processing apparatuses usingauthentication information of a user; and permit the user to use animage processing apparatus that has location information related to theauthentication information of the user among the authenticated one ormore image processing apparatuses.
 12. An information processing methodcomprising: authenticating one or more image processing apparatusesusing authentication information of a user in response to receipt of theauthentication information; and permitting the user to use an imageprocessing apparatus that has location information related to theauthentication information of the user among the authenticated one ormore image processing apparatuses.